0

I have a JAVA application that uses UnboundID LDAP SDK to connect and to authenticate to a LDAP local server.
The server is a Windows Server 2008 R2 with Active Directory and It's configured to NOT allow anonymous authentication.
But if i try to perform an anonymous bind using my application, the BindResult is resulting success. I'm connecting using SimpleBindRequest() method like JAVADOC says. Here is my code:

 public boolean autenticarAnonimamente() throws AutenticacaoExcecao
 {       
    GerenciadorConexaoLdap gerenciadorLdap = new GerenciadorConexaoLdap();
    LDAPConnection connection;
    try {
        connection = gerenciadorLdap.conectarServidorLdap(ldap);
        SimpleBindRequest request = new SimpleBindRequest();

        BindResult result = connection.bind(request);
        boolean retorno = result.getResultCode().equals(ResultCode.SUCCESS);
        connection.close();
        return retorno;
    } catch (LDAPException | GeneralSecurityException ex) {
        throw new AutenticacaoExcecao(ex);            
    }   
}

I tried to test my server using Google Apps Directory Sync and it's denying any anonymous bind. If i configure my server to allow anonymous connection, the Google application results OK.
Anyone know what can be?

Jose Victor
  • 350
  • 1
  • 5
  • 13

1 Answers1

2

It's not clear what the difference is, but it's definitely the case that calling the connection.bind(new SimpleBindRequest()) will send an anonymous simple bind request to the server and will cause the client to read the response back from the server.

It is almost certainly the case that either Google Apps Directory Sync is sending a different bind request (perhaps it's a SASL ANONYMOUS bind request, or maybe it's a request that has a non-empty DN but an empty password), or the failure you're seeing in Google Apps Directory Sync isn't actually the bind failing but rather something that it's trying to do after the bind.

I would recommend trying to examine the traffic between the client and the server to see what the Google client is trying to do. The ldap-debugger tool provided with the UnboundID LDAP SDK can be used to accomplish this. It acts as a very simple LDAP proxy that will display detailed information about any traffic that passes through it. You could also use any kind of network packet capture mechanism like snoop, tcpdump, or Wireshark to capture the network communication for analysis.

Neil Wilson
  • 1,706
  • 8
  • 4